Details of VAR-201904-0922

ID

VAR-201904-0922

CVE

CVE-2019-11418

TITLE

TRENDnet TEW-632BRP Router buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003818

DESCRIPTION

apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. TRENDnet TEW-632BRP The router contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnet TEW-632BRP is a 300Mbps wireless home router. The apply.cgi in TRENDnet TEW-632BRP 1.010B32 has a buffer overflow vulnerability. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not verified correctly, which leads to the execution of other associated memory locations. Bad read and write operations

Trust: 2.34

sources: NVD: CVE-2019-11418 // JVNDB: JVNDB-2019-003818 // CNVD: CNVD-2020-46234 // VULHUB: VHN-143062 // VULMON: CVE-2019-11418

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-46234

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-632brp	scope:	eq	version:	1.010b32	Trust: 1.8
vendor:	trendnet	model:	tew-632brp 1.010b32	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-46234 // JVNDB: JVNDB-2019-003818 // NVD: CVE-2019-11418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11418
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-11418
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-46234
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201904-983
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-143062
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-11418
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-11418
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-46234
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-143062
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11418
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2020-46234 // VULHUB: VHN-143062 // VULMON: CVE-2019-11418 // JVNDB: JVNDB-2019-003818 // CNNVD: CNNVD-201904-983 // NVD: CVE-2019-11418

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-143062 // JVNDB: JVNDB-2019-003818 // NVD: CVE-2019-11418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-983

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-983

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003818

PATCH

title:

Top Page

url:

https://www.trendnet.com/home

Trust: 0.8

sources: JVNDB: JVNDB-2019-003818

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11418	Trust: 3.2
db:	JVNDB	id:	JVNDB-2019-003818	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-983	Trust: 0.7
db:	CNVD	id:	CNVD-2020-46234	Trust: 0.6
db:	VULHUB	id:	VHN-143062	Trust: 0.1
db:	VULMON	id:	CVE-2019-11418	Trust: 0.1

sources: CNVD: CNVD-2020-46234 // VULHUB: VHN-143062 // VULMON: CVE-2019-11418 // JVNDB: JVNDB-2019-003818 // CNNVD: CNNVD-201904-983 // NVD: CVE-2019-11418

REFERENCES

url:	https://github.com/zyw-200/iotfuzzer/blob/master/trendnet_response.png	Trust: 2.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11418	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11418	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-46234 // VULHUB: VHN-143062 // VULMON: CVE-2019-11418 // JVNDB: JVNDB-2019-003818 // CNNVD: CNNVD-201904-983 // NVD: CVE-2019-11418

SOURCES

db:	CNVD	id:	CNVD-2020-46234
db:	VULHUB	id:	VHN-143062
db:	VULMON	id:	CVE-2019-11418
db:	JVNDB	id:	JVNDB-2019-003818
db:	CNNVD	id:	CNNVD-201904-983
db:	NVD	id:	CVE-2019-11418

LAST UPDATE DATE

2024-11-23T22:51:50.043000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-46234	date:	2021-02-23T00:00:00
db:	VULHUB	id:	VHN-143062	date:	2019-04-23T00:00:00
db:	VULMON	id:	CVE-2019-11418	date:	2019-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-003818	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201904-983	date:	2019-04-24T00:00:00
db:	NVD	id:	CVE-2019-11418	date:	2024-11-21T04:21:04.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-46234	date:	2019-08-16T00:00:00
db:	VULHUB	id:	VHN-143062	date:	2019-04-22T00:00:00
db:	VULMON	id:	CVE-2019-11418	date:	2019-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-003818	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201904-983	date:	2019-04-22T00:00:00
db:	NVD	id:	CVE-2019-11418	date:	2019-04-22T11:29:05.563